This panel will feature experts with experience in driving (or
attempting to drive) usable security features into products or
deployment projects. They will each tell the tale of a feature, with
a lesson learned on its success or failure. Panel discussion will
cover what research can do to enable technology transfer of usable
security, and what product and deployment people can do to support
research in usable security that can make a difference in real
use.

CALL FOR PAPERS

SCOPE AND FOCUS

How do we fix the sorry state of usable security and privacy today? Simple -- it's just a matter of inventing a few clever UI techniques and protocols, running user studies to show they work, and then it's problem solved, right?

Unfortunately, no -- there's another hurdle to clear. Even the best usable security solutions need to be deployed on a massive scale if they are actually to improve life in the online ecosystem. And too often great ideas sputter out on their way to the market. Getting great ideas to the market requires effective tech transfer. That means explaining your idea to a LOT of people and convincing them not only that your solution is technically great, but also that it is worth the cost and effort of building, deploying, and maintaining. You'll have to make the case for your technology to engineers, business people, policy makers, privacy advocates, and, of course, customers. You'll have to balance the technical elegance of your solution against entrenched practices, existing policy, business considerations, and development and operational costs. Tech transfer introduces problems that many experts in industry, let alone grad students who have never been exposed to these problems, don't know how to deal with.

This workshop will provide a chance for those who have encountered, are interested in, or have solved the problems that come with usable security and privacy tech transfer to share ideas -- stories, tips & tricks, and lessons learned -- for what works and what doesn't. The workshop should be of interest to anyone in industry or public policy who wants to share tech transfer experiences or to anyone in academia who sees tech transfer in their future.

Those interested in presenting should submit a position, research, or anecdotal paper on a relevant topic. Relevant topics include, but are not limited to:

tech transfer war stories (successes and failures both welcome);

lessons learned from tech transfer attempts;

tips and tricks for successful tech transfer;

pitfalls to avoid;

methods for disseminating usable security and privacy research to business and government decision makers.

Authors of accepted papers will be invited to present their ideas at the workshop. Accepted workshop papers will be available on the SOUPS website, but will not be included in the ACM Digital library.

SUBMISSIONS

We invite authors to submit original papers in PDF format. Papers should use the SOUPS formatting template
(LaTeX or
MS Word). Submissions should be 2 to 6 pages
in length, not counting appendices. The paper should be self-contained without requiring that readers also read the appendices. The appendices need not conform to the formatting template. Submissions should not be blinded. Email inquiries and submissions to:
sputter_workshop2010@hotmail.com

(Note: There is a 10MB size limit on email attachments to this address; for larger submissions, email to make alternate arrangements.)